My documents can be read by all
|
From: Joseph Vito Bacino on 15 May 2010 13:14 One extra thing we do is make a security group for each folder we redirect. Exp: MyDocs folder would have a "MyDocAdmins" group. (little extra work, but is helpful) It never fails that an owner or office manger wants access employee files to check up on them. I would not however allow this for normal file Sharing. If it is needed, all we need to do is add the user to the security group and they have access. For the security group, just follow the line that is for the domain admins group. "MyDocsAdmin" Full Control (Apply onto: This Folder, Subfolders and Files) On 5/14/2010 12:49 PM, Dave Nickason [SBS MVP] wrote: > First, open the policy that is controlling redirection in the group > policy editor. The settings are in User Configuration -> Policies -> > Windows Settings -> Folder Redirection. R-click Documents -> Properties. > On the Settings tab, make sure "Grand the user exclusive rights to > Documents" is checked. > > Then, get this KB and fix the permissions on the existing redirected > folders: > > How to dynamically create security-enhanced redirected folders by using > folder redirection in Windows 2000 and in Windows Server 2003 > http://support.microsoft.com/default.aspx/kb/274443/en-us?p=1 > > And lastly, for the sync story, see this: > > Files that you add to the Offline Files folder on a Windows XP-based > computer are synchronized when another person uses the computer > http://support.microsoft.com/kb/811660 > > > "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message > news:DC38E70E-6057-43F8-B256-A6E84C575F14(a)microsoft.com... >> I have a standard installation of SBS 2003 Small Business Server. All >> users >> were set up using the Server Management Console cumputers added the >> same way, >> Working off a single Domain. >> User My documents are redirected to a share (Ussers Shared Folders) on >> the >> server. If a user goes to the shared folder on the server through a UNC >> address he is able to open any of the folders there no mater who the >> owner >> is. Also when doing a sync for his folders it syncs all the users on the >> machine or that have been on the machine. >> Is there a way to eliminate the ablity of a user to have access to >> another >> users files? Can this be done Globally? Will It fix the File sync issue. >> Thank you in advance for any and all input. >> -- >> D.Sweet >
From: Dave Nickason [SBS MVP] on 15 May 2010 16:00 Your group policy is OK then - nothing more to worry about there. On the Share permissions set Everyone (or Domain Users if you prefer, doesn't matter) to Full Control. Then make the rest of the changes on the Security tab. For the sync one, please read the whole KB. I haven't read it in a while but I think there are some other changes you need to make - maybe a registry edit? "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message news:3DAC2FFB-2721-46E9-BA4E-9E126B5BD4D1(a)microsoft.com... > See notes below > -- > D.Sweet > > > "Dave Nickason [SBS MVP]" wrote: > >> First, open the policy that is controlling redirection in the group >> policy >> editor. The settings are in User Configuration -> Policies -> Windows >> Settings -> Folder Redirection. R-click Documents -> Properties. On the >> Settings tab, make sure "Grand the user exclusive rights to Documents" is >> checked. > > This is enabled and checked > >> Then, get this KB and fix the permissions on the existing redirected >> folders: >> >> How to dynamically create security-enhanced redirected folders by using >> folder redirection in Windows 2000 and in Windows Server 2003 >> http://support.microsoft.com/default.aspx/kb/274443/en-us?p=1 > > If I understand correctly I go to the shared Users folder and Properties, > then under the Sharing Tab click on Share permissions. At this point the > only > thing that I have is: > Domain Admins - Full Controll, Change, Read > Domain Users - Full Controll, Change, Read > Folder Operators - Full Controll, Change, Read > > Is this where I should be adding the other permissions by adding the > Everyone , Creator Owner, System Control, Domain Admins with the > appropriate > Permissions for each? > >> And lastly, for the sync story, see this: >> >> Files that you add to the Offline Files folder on a Windows XP-based >> computer are synchronized when another person uses the computer >> http://support.microsoft.com/kb/811660 > > This says that the next service pack should have it installed - I > currrently > have all machines on SP2 or SP3 (XP) so is this still a needed step? > >> >> "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message >> news:DC38E70E-6057-43F8-B256-A6E84C575F14(a)microsoft.com... >> > I have a standard installation of SBS 2003 Small Business Server. All >> > users >> > were set up using the Server Management Console cumputers added the >> > same >> > way, >> > Working off a single Domain. >> > User My documents are redirected to a share (Ussers Shared Folders) on >> > the >> > server. If a user goes to the shared folder on the server through a UNC >> > address he is able to open any of the folders there no mater who the >> > owner >> > is. Also when doing a sync for his folders it syncs all the users on >> > the >> > machine or that have been on the machine. >> > Is there a way to eliminate the ablity of a user to have access to >> > another >> > users files? Can this be done Globally? Will It fix the File sync >> > issue. >> > Thank you in advance for any and all input. >> > -- >> > D.Sweet >> >> . >>
From: D.Sweet on 16 May 2010 11:56 Sorry for being so dense!! I really don't want to mees this up. 1. Under "User Folders" Properies, The "sharing" Tab the Permissions Box is clicked, Tab labeled Share permissions, I have 3 groupsall with full control. Domain Admins Domain Users Folder Operators Do I leave all of these or remove all but Domain Users with full control? 2. under the security tab of "usser folders" properties I have 4 groups: Domain Admins - Full control Domain Usesrs - Special Permissions - Folder Operators - Full Control System - Full Control I added the group "Creator Owner" with full control. Advancesd Box clicked, for Special Permissions, Shows advanced Security settings for shared user folders. Selecting "Domain Users", "Permission Special" and edit button shows "applies onto This folder and Files, the following: Full Control - Unchecked - Allow/Deny Transverse Folder/execute file - Allow checked List folder/Read Data - Allow checked Read Attributes - Allow checked Creat Files/Write Data - Unchecked - Allow/Deny Create Data/Append Data - Allow checked Write Attributes - Unchecked - Allow/Deny Write Extended Atributes - Unchecked - Allow/Deny Delete Subfolders and files - Unchecked - Allow/Deny Delete - Unchecked - Allow/Deny Read Permissions - Allow Checked Change Ownership - Unchecked - Allow/Deny Take Ownership - Unchecked - Allow/Deny At the bottom of the box a check mark is in front of "apply these permissions to objects and/or containers withing this container only. Do I change the Domain users permissions here to agree with the KB27443 Artical for Everyone - or - do I "add" another entry for everyone that applies to "this folder only" allowing Create/Append, List/Read, Read Attributes, Transvers folder/Execute? Going back to the Advanced page security setings Permissions tab there are no check marks in the Allow inheritable permissions from parent to propagate to this object. Or Replace permission entries on all child objects within entries shown. When I get this accomplished I will move on the the Article KB 811660 and edit registery as per for each machine effected. -- D.Sweet "Dave Nickason [SBS MVP]" wrote: > Your group policy is OK then - nothing more to worry about there. > > On the Share permissions set Everyone (or Domain Users if you prefer, > doesn't matter) to Full Control. Then make the rest of the changes on the > Security tab. > > For the sync one, please read the whole KB. I haven't read it in a while > but I think there are some other changes you need to make - maybe a registry > edit? > > > > "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message > news:3DAC2FFB-2721-46E9-BA4E-9E126B5BD4D1(a)microsoft.com... > > See notes below > > -- > > D.Sweet > > > > > > "Dave Nickason [SBS MVP]" wrote: > > > >> First, open the policy that is controlling redirection in the group > >> policy > >> editor. The settings are in User Configuration -> Policies -> Windows > >> Settings -> Folder Redirection. R-click Documents -> Properties. On the > >> Settings tab, make sure "Grand the user exclusive rights to Documents" is > >> checked. > > > > This is enabled and checked > > > >> Then, get this KB and fix the permissions on the existing redirected > >> folders: > >> > >> How to dynamically create security-enhanced redirected folders by using > >> folder redirection in Windows 2000 and in Windows Server 2003 > >> http://support.microsoft.com/default.aspx/kb/274443/en-us?p=1 > > > > If I understand correctly I go to the shared Users folder and Properties, > > then under the Sharing Tab click on Share permissions. At this point the > > only > > thing that I have is: > > Domain Admins - Full Controll, Change, Read > > Domain Users - Full Controll, Change, Read > > Folder Operators - Full Controll, Change, Read > > > > Is this where I should be adding the other permissions by adding the > > Everyone , Creator Owner, System Control, Domain Admins with the > > appropriate > > Permissions for each? > > > >> And lastly, for the sync story, see this: > >> > >> Files that you add to the Offline Files folder on a Windows XP-based > >> computer are synchronized when another person uses the computer > >> http://support.microsoft.com/kb/811660 > > > > This says that the next service pack should have it installed - I > > currrently > > have all machines on SP2 or SP3 (XP) so is this still a needed step? > > > >> > >> "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message > >> news:DC38E70E-6057-43F8-B256-A6E84C575F14(a)microsoft.com... > >> > I have a standard installation of SBS 2003 Small Business Server. All > >> > users > >> > were set up using the Server Management Console cumputers added the > >> > same > >> > way, > >> > Working off a single Domain. > >> > User My documents are redirected to a share (Ussers Shared Folders) on > >> > the > >> > server. If a user goes to the shared folder on the server through a UNC > >> > address he is able to open any of the folders there no mater who the > >> > owner > >> > is. Also when doing a sync for his folders it syncs all the users on > >> > the > >> > machine or that have been on the machine. > >> > Is there a way to eliminate the ablity of a user to have access to > >> > another > >> > users files? Can this be done Globally? Will It fix the File sync > >> > issue. > >> > Thank you in advance for any and all input. > >> > -- > >> > D.Sweet > >> > >> . > >> > . >
From: Dave Nickason [SBS MVP] on 17 May 2010 18:56 1. You can leave the Share permissions as is. 2. See inline. A quick comment - whenever I've done this I just use the documentation, so I don't have these settings in my head. I'm a little concerned about the possibility of giving you a wrong answer that might lock out your users from their files. If I were doing this in my production environment, I'd do it after hours, or at least at a time when the office is mostly empty, then I'd test a user's access at the end to make sure everything is working as expected. You can either use your own account for that if you have the same permissions as the regular users, or ask someone to leave his/her computer logged in so you can test at the end. FWIW, I'd exactly match the settings in the KB. For example, I doubt you'll see any difference in functionality between "Everyone" and "Domain Users," but why not just use the recommended group? What ends up happening is that Everyone only has access to the top-level folder (because of the "This folder only" setting). Then the individual users get full control because of the Creator Owner setting applied to subfolders and files. So using Everyone isn't a security issue as it might appear to be. "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message news:B5776989-8306-4E99-9438-0CF3996A3CB4(a)microsoft.com... > Sorry for being so dense!! I really don't want to mees this up. > > 1. Under "User Folders" Properies, The "sharing" Tab the Permissions Box > is > clicked, Tab labeled Share permissions, I have 3 groupsall with full > control. > Domain Admins > Domain Users > Folder Operators > Do I leave all of these or remove all but Domain Users with full control? > > 2. under the security tab of "usser folders" properties > I have 4 groups: > Domain Admins - Full control OK > Domain Usesrs - Special Permissions - OK > Folder Operators - Full Control Why? Do you have anyone in this security group, or any Domain Power Users? If you don't want these people to have access, I'd remove this one. > System - Full Control OK > I added the group "Creator Owner" with full control. OK. On the advanced tab, the Creator Owner permissions should be set to "Subfolders and files only." > Advancesd Box clicked, for Special Permissions, Shows advanced Security > settings for shared user folders. Selecting "Domain Users", "Permission > Special" and edit button shows "applies onto This folder and Files, the > following: All of these should be "This folder only," not "This folder and files." > Full Control - Unchecked - Allow/Deny > Transverse Folder/execute file - Allow checked > List folder/Read Data - Allow checked > Read Attributes - Allow checked > Creat Files/Write Data - Unchecked - Allow/Deny > Create Data/Append Data - Allow checked > Write Attributes - Unchecked - Allow/Deny > Write Extended Atributes - Unchecked - Allow/Deny > Delete Subfolders and files - Unchecked - Allow/Deny > Delete - Unchecked - Allow/Deny > Read Permissions - Allow Checked Probably not a big deal but this one should be unchecked. > Change Ownership - Unchecked - Allow/Deny > Take Ownership - Unchecked - Allow/Deny > At the bottom of the box a check mark is in front of "apply these > permissions to objects and/or containers withing this container only. This should be unchecked. When you change it from "This folder and files" to "This folder only," you won't be able to choose that option anyway. > Do I change the Domain users permissions here to agree with the KB27443 > Artical for Everyone - or - do I "add" another entry for everyone that > applies to "this folder only" allowing Create/Append, List/Read, Read > Attributes, Transvers folder/Execute? Personally, I'd match it exactly to the documentation as I said above. You can add the Everyone permissions exactly as described in the KB, and then delete Domain Users. > > Going back to the Advanced page security setings Permissions tab there are > no check marks in the Allow inheritable permissions from parent to > propagate > to this object. > Or > Replace permission entries on all child objects within entries shown. OK, that's right. When folders get created under this, they'll automatically inherit the correct permissions from here, by default. > > When I get this accomplished I will move on the the Article KB 811660 and > edit registery as per for each machine effected. > > > > -- > D.Sweet > > > "Dave Nickason [SBS MVP]" wrote: > >> Your group policy is OK then - nothing more to worry about there. >> >> On the Share permissions set Everyone (or Domain Users if you prefer, >> doesn't matter) to Full Control. Then make the rest of the changes on >> the >> Security tab. >> >> For the sync one, please read the whole KB. I haven't read it in a while >> but I think there are some other changes you need to make - maybe a >> registry >> edit? >> >> >> >> "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message >> news:3DAC2FFB-2721-46E9-BA4E-9E126B5BD4D1(a)microsoft.com... >> > See notes below >> > -- >> > D.Sweet >> > >> > >> > "Dave Nickason [SBS MVP]" wrote: >> > >> >> First, open the policy that is controlling redirection in the group >> >> policy >> >> editor. The settings are in User Configuration -> Policies -> Windows >> >> Settings -> Folder Redirection. R-click Documents -> Properties. On >> >> the >> >> Settings tab, make sure "Grand the user exclusive rights to Documents" >> >> is >> >> checked. >> > >> > This is enabled and checked >> > >> >> Then, get this KB and fix the permissions on the existing redirected >> >> folders: >> >> >> >> How to dynamically create security-enhanced redirected folders by >> >> using >> >> folder redirection in Windows 2000 and in Windows Server 2003 >> >> http://support.microsoft.com/default.aspx/kb/274443/en-us?p=1 >> > >> > If I understand correctly I go to the shared Users folder and >> > Properties, >> > then under the Sharing Tab click on Share permissions. At this point >> > the >> > only >> > thing that I have is: >> > Domain Admins - Full Controll, Change, Read >> > Domain Users - Full Controll, Change, Read >> > Folder Operators - Full Controll, Change, Read >> > >> > Is this where I should be adding the other permissions by adding the >> > Everyone , Creator Owner, System Control, Domain Admins with the >> > appropriate >> > Permissions for each? >> > >> >> And lastly, for the sync story, see this: >> >> >> >> Files that you add to the Offline Files folder on a Windows XP-based >> >> computer are synchronized when another person uses the computer >> >> http://support.microsoft.com/kb/811660 >> > >> > This says that the next service pack should have it installed - I >> > currrently >> > have all machines on SP2 or SP3 (XP) so is this still a needed step? >> > >> >> >> >> "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message >> >> news:DC38E70E-6057-43F8-B256-A6E84C575F14(a)microsoft.com... >> >> > I have a standard installation of SBS 2003 Small Business Server. >> >> > All >> >> > users >> >> > were set up using the Server Management Console cumputers added the >> >> > same >> >> > way, >> >> > Working off a single Domain. >> >> > User My documents are redirected to a share (Ussers Shared Folders) >> >> > on >> >> > the >> >> > server. If a user goes to the shared folder on the server through a >> >> > UNC >> >> > address he is able to open any of the folders there no mater who the >> >> > owner >> >> > is. Also when doing a sync for his folders it syncs all the users on >> >> > the >> >> > machine or that have been on the machine. >> >> > Is there a way to eliminate the ablity of a user to have access to >> >> > another >> >> > users files? Can this be done Globally? Will It fix the File sync >> >> > issue. >> >> > Thank you in advance for any and all input. >> >> > -- >> >> > D.Sweet >> >> >> >> . >> >> >> . >>
From: D.Sweet on 28 May 2010 18:24 An update on the Sync Issue, the Information in http://support.microsoft.com/kb/811660 Appears to have fixed the sync issue. One question I had thoug, if no one person is solely assigned to the machine and you leave the dword value out for that step will it causse any great concerns? I have not seen any yet. Am intending on working through the user folder permissions this week end when everyone is on holiday and will advise of the outcome then. Thanks for the input. -- D.Sweet "Dave Nickason [SBS MVP]" wrote: > 1. You can leave the Share permissions as is. > > 2. See inline. A quick comment - whenever I've done this I just use the > documentation, so I don't have these settings in my head. I'm a little > concerned about the possibility of giving you a wrong answer that might lock > out your users from their files. If I were doing this in my production > environment, I'd do it after hours, or at least at a time when the office is > mostly empty, then I'd test a user's access at the end to make sure > everything is working as expected. You can either use your own account for > that if you have the same permissions as the regular users, or ask someone > to leave his/her computer logged in so you can test at the end. > > FWIW, I'd exactly match the settings in the KB. For example, I doubt you'll > see any difference in functionality between "Everyone" and "Domain Users," > but why not just use the recommended group? > > What ends up happening is that Everyone only has access to the top-level > folder (because of the "This folder only" setting). Then the individual > users get full control because of the Creator Owner setting applied to > subfolders and files. So using Everyone isn't a security issue as it might > appear to be. > > "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message > news:B5776989-8306-4E99-9438-0CF3996A3CB4(a)microsoft.com... > > Sorry for being so dense!! I really don't want to mees this up. > > > > 1. Under "User Folders" Properies, The "sharing" Tab the Permissions Box > > is > > clicked, Tab labeled Share permissions, I have 3 groupsall with full > > control. > > Domain Admins > > Domain Users > > Folder Operators > > Do I leave all of these or remove all but Domain Users with full control? > > > > 2. under the security tab of "usser folders" properties > > I have 4 groups: > > Domain Admins - Full control > > OK > > > Domain Usesrs - Special Permissions - > > OK > > > Folder Operators - Full Control > > Why? Do you have anyone in this security group, or any Domain Power Users? > If you don't want these people to have access, I'd remove this one. > > > System - Full Control > > OK > > > I added the group "Creator Owner" with full control. > > OK. On the advanced tab, the Creator Owner permissions should be set to > "Subfolders and files only." > > > Advancesd Box clicked, for Special Permissions, Shows advanced Security > > settings for shared user folders. Selecting "Domain Users", "Permission > > Special" and edit button shows "applies onto This folder and Files, the > > following: > > All of these should be "This folder only," not "This folder and files." > > > Full Control - Unchecked - Allow/Deny > > Transverse Folder/execute file - Allow checked > > List folder/Read Data - Allow checked > > Read Attributes - Allow checked > > Creat Files/Write Data - Unchecked - Allow/Deny > > Create Data/Append Data - Allow checked > > Write Attributes - Unchecked - Allow/Deny > > Write Extended Atributes - Unchecked - Allow/Deny > > Delete Subfolders and files - Unchecked - Allow/Deny > > Delete - Unchecked - Allow/Deny > > Read Permissions - Allow Checked > > Probably not a big deal but this one should be unchecked. > > > Change Ownership - Unchecked - Allow/Deny > > Take Ownership - Unchecked - Allow/Deny > > At the bottom of the box a check mark is in front of "apply these > > permissions to objects and/or containers withing this container only. > > This should be unchecked. When you change it from "This folder and files" > to "This folder only," you won't be able to choose that option anyway. > > > Do I change the Domain users permissions here to agree with the KB27443 > > Artical for Everyone - or - do I "add" another entry for everyone that > > applies to "this folder only" allowing Create/Append, List/Read, Read > > Attributes, Transvers folder/Execute? > > Personally, I'd match it exactly to the documentation as I said above. You > can add the Everyone permissions exactly as described in the KB, and then > delete Domain Users. > > > > > Going back to the Advanced page security setings Permissions tab there are > > no check marks in the Allow inheritable permissions from parent to > > propagate > > to this object. > > Or > > Replace permission entries on all child objects within entries shown. > > OK, that's right. When folders get created under this, they'll > automatically inherit the correct permissions from here, by default. > > > > > When I get this accomplished I will move on the the Article KB 811660 and > > edit registery as per for each machine effected. > > > > > > > > -- > > D.Sweet > > > > > > "Dave Nickason [SBS MVP]" wrote: > > > >> Your group policy is OK then - nothing more to worry about there. > >> > >> On the Share permissions set Everyone (or Domain Users if you prefer, > >> doesn't matter) to Full Control. Then make the rest of the changes on > >> the > >> Security tab. > >> > >> For the sync one, please read the whole KB. I haven't read it in a while > >> but I think there are some other changes you need to make - maybe a > >> registry > >> edit? > >> > >> > >> > >> "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message > >> news:3DAC2FFB-2721-46E9-BA4E-9E126B5BD4D1(a)microsoft.com... > >> > See notes below > >> > -- > >> > D.Sweet > >> > > >> > > >> > "Dave Nickason [SBS MVP]" wrote: > >> > > >> >> First, open the policy that is controlling redirection in the group > >> >> policy > >> >> editor. The settings are in User Configuration -> Policies -> Windows > >> >> Settings -> Folder Redirection. R-click Documents -> Properties. On > >> >> the > >> >> Settings tab, make sure "Grand the user exclusive rights to Documents" > >> >> is > >> >> checked. > >> > > >> > This is enabled and checked > >> > > >> >> Then, get this KB and fix the permissions on the existing redirected > >> >> folders: > >> >> > >> >> How to dynamically create security-enhanced redirected folders by > >> >> using > >> >> folder redirection in Windows 2000 and in Windows Server 2003 > >> >> http://support.microsoft.com/default.aspx/kb/274443/en-us?p=1 > >> > > >> > If I understand correctly I go to the shared Users folder and > >> > Properties, > >> > then under the Sharing Tab click on Share permissions. At this point > >> > the > >> > only > >> > thing that I have is: > >> > Domain Admins - Full Controll, Change, Read > >> > Domain Users - Full Controll, Change, Read > >> > Folder Operators - Full Controll, Change, Read > >> > > >> > Is this where I should be adding the other permissions by adding the > >> > Everyone , Creator Owner, System Control, Domain Admins with the > >> > appropriate > >> > Permissions for each? > >> > > >> >> And lastly, for the sync story, see this: > >> >> > >> >> Files that you add to the Offline Files folder on a Windows XP-based > >> >> computer are synchronized when another person uses the computer > >> >> http://support.microsoft.com/kb/811660 > >> > > >> > This says that the next service pack should have it installed - I > >> > currrently > >> > have all machines on SP2 or SP3 (XP) so is this still a needed step? > >> > > >> >> > >> >> "D.Sweet" <DSweet(a)discussions.microsoft.com> wrote in message > >> >> news:DC38E70E-6057-43F8-B256-A6E84C575F14(a)microsoft.com... > >> >> > I have a standard installation of SBS 2003 Small Business Server. > >> >> > All > >> >> > users > >> >> > were set up using the Server Management Console cumputers added the > >> >> > same > >> >> > way, > >> >> > Working off a single Domain. > >> >> > User My documents are redirected to a share (Ussers Shared Folders) > >> >> > on > >> >> > the > >> >> > server. If a user goes to the shared folder on the server through a > >> >> > UNC > >> >> > address he is able to open any of the folders there no mater who the > >> >> > owner > >> >> > is. Also when doing a sync for his folders it syncs all the users on > >> >> > the > >> >> > machine or that have been on the machine. > >> >> > Is there a way to eliminate the ablity of a user to have access to > >> >> > another > >> >> > users files? Can this be done Globally? Will It fix the File sync > >> >> > issue. > >> >> > Thank you in advance for any and all input. > >> >> > -- > >> >> > D.Sweet > >> >> > >> >> . > >> >> > >> . > >> > . >
First
|
Prev
|
Pages: 1 2 Prev: Try to connect Windows 7 pro to SBS 2003 Next: Trying to connect Windows 7 home to SBS 2008 |